Published on November 10th, 2017📅| 0
Android security triple-whammy: New attack combines phishing, malware, and data theft
Attackers are combining credential phishing, credit card data theft, and malware into a single campaign targeting banking details.
While it's common to see attacks involving phishing or malware, the combination of these tactics in a single campaign targeting Android devices of financial services and banking customers indicates the extent to which attackers are willing to play a longer game in order to get to their goal.
The attacks combine phishing with the distribution of the Marcher Android trojan, a form of banking malware which has been active since at least late 2013. Lures previously used to distribute Marcher include a fake software update, a fake security update, and a fake mobile game.
Marcher first originated on Russian underground forums but has since become a global threat, with the trojan targeting bank customers around the world.
Uncovered by researchers at Proofpoint, the latest Marcher campaign has been ongoing since January and uses a multistep scheme to target customers of Austrian banks.
The attacks begin with phishing emails containing a shortened bit.ly link to a fake version of the Bank Austria login page, which has been registered to a number of different domains containing 'bankaustria' in the title, in an effort to trick the user into believing they're visiting the official site.
Those who visit the fake Bank Austria page are asked for their customer details, following which they are asked for their email address and phone number. These details provide the attackers with everything they need to move onto using social engineering to conduct the next stage of the campaign.